kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,067 Commits
29 Branches
81 Tags
158 MiB
Commit Graph

3997 Commits (331647f4abca7d059c248ac10b7ba43d9f4b86fc)

Author SHA1 Message Date
Florian Ruynat 5d1b34bdcd Move min k8s version to 1.20 2021-09-22 09:50:01 -07:00
Florian Ruynat 8efde799e1 Update kubernetes version to 1.22.2 2021-09-22 09:50:01 -07:00
Cristian Calin a517a8db01
Drop chech for kubelet_shutdown_grace_period (#7993) 
and kubelet_shutdown_grace_period_critical_pods as ansible cannot do
sane time interval calculations
 2021-09-21 18:34:00 -07:00
Wang Zhen 2211504790
Fix k8s-certs-renew cp path (#7992) 
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
 2021-09-21 00:36:22 -07:00
Cristian Calin fb8662ec19
Calico: update versions 3.20.1, 3.19.3 (#7984) 
* make Calico 3.20.1 the default version
* drop Calico 3.17.x support
 2021-09-20 17:40:23 -07:00
Cristian Calin 6f7911264f
Calico: make calico_min_version check relevant (#7939) 
* Calico: make calico_min_version check relevant

* Calico: only check currently installed version against the oldest supported version by the previous release
 2021-09-20 07:58:09 -07:00
Cristian Calin ae44aff330
Calico: increase calico node probe timeouts and allow tunning (#7981) 2021-09-17 16:08:07 -07:00
Florian Ruynat b83e8b020a
Fix default version (#7977) 2021-09-17 07:31:00 -07:00
Hari Hud 30cd91dc6b
Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade (#7976) 
* Add option to kubeadm upgrade command to control certificates renewal during control plane upgrade

* Remove training whitespace
 2021-09-17 04:31:00 -07:00
Florian Ruynat f2fa9c3b31 Update hashes with new versions 2021-09-17 00:39:02 -07:00
Florian Ruynat 30a7dfa4f8
Fix ubuntu16/centos8 CI jobs (#7972) 2021-09-16 23:39:01 -07:00
Samuel Liu 62ab477838
remove kube_proxy_conntrack_max var (#7971) 2021-09-15 08:22:31 -07:00
rtsp f8a57f7598
Fix iptables missing on Debian 11 if APT::Install-Recommends=0 (#7964) 
On Debian 11, `ipset` just recommend `iptables` so on the system that apt is configured with `APT::Install-Recommends "0";` iptables will not install automatically.
 2021-09-14 08:19:09 -07:00
Bryan Hundven 35c928798d
Fix missing file mode (risky-file-permissions) (#7959) 
* Fix missing file mode (risky-file-permissions)

Found this using ansible-lint.

Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>

* Fix another missing file mode (risky-file-permissions)

This one fixes `/etc/crio/config.json`

Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>
 2021-09-09 23:35:59 -07:00
jhchong92 83f64a7ff9
Bugfix/cinder csi cloud config template (#7955) 
* Fix invalid condition for username and password inclusion

* Use length filter to test variable conditions
 2021-09-09 10:04:11 -07:00
Florian Ruynat 60853fa682 Update kube-ovn to 1.7.2 2021-09-09 08:14:10 -07:00
Florian Ruynat b66356be65 Update cilium to 1.9.10 2021-09-09 08:14:10 -07:00
jhchong92 efae2dbad6
Update snapshot-controller repository and image versions (#7957) 2021-09-09 08:10:11 -07:00
jhchong92 bd8b8916a8
Remove invalid spec - deployment.spec.serviceName (#7949) 2021-09-08 13:05:56 -07:00
jhchong92 57063b6828
Replace incorrect {% end %} tags with {% endif %} in csi_crd templates (#7947) 2021-09-08 12:59:57 -07:00
Ole Mathias Aa. Heggem 69b67a293a
Calico: Add kube_service_addresses_ipv6 to serviceClusterIPs (#7889) (#7944) 
Add IPv6 Service Addresses to BGP advertisement when 
calico_advertise_cluster_ips is true.
 2021-09-08 00:37:20 -07:00
Cristian Calin d57ddf0be8
Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA (#7938) 
* Feature DynamicKubeletConfig is deprecated in 1.22 and will not move to GA

* Add check for dynamic_kubelet_configuration with kube >= 1.22
 2021-09-07 10:47:16 -07:00
Cristian Calin 43e7e2d663
nginx-ingress: bump to 1.0.0 to support kube 1.22 (#7942) 2021-09-06 04:50:36 -07:00
Cristian Calin d355b43dce
ContainerD: bump containerd version to 1.4.9 (#7940) 2021-09-06 04:50:29 -07:00
Cristian Calin 5d52025266
crictl: add hashes for 1.22 (#7936) 2021-09-06 04:46:29 -07:00
Cristian Calin db470f8529
Update CSI snaphotter and make it independent (#7943) 
* CSI: update CSI snapshot CRDs

* CSI: update snapshot controller tag version with kubernetes specific versions

* CSI: allow enabling csi_snapshot_controller independent of Cinder CSI

* CSI: Align csi-snapshot-controller with upstream and use a Deployment instead of a StatefulSet
 2021-09-06 04:24:29 -07:00
kranthi guttikonda 81bf4f9304
cri-o registry auth support (#7837) 
* cri-o registry auth support

* yaml lint for comments

* crio_registry_auth from registry_auth

* crio_registry_auth as defaults
 2021-09-01 10:20:59 -07:00
Maciej Wereski e1967b0700
MetalLB: keep nodeSelector in one place (#7931) 
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
 2021-09-01 09:05:00 -07:00
Olivier Lemasle 507091ec8b
Replace cluster_name by dns_domain (#7923) 
`cluster_name` defaults to `dns_domain` value (see [here][1] and [here][2])
but they could have different values.

`dns_domain` should be used here instead of `cluster_name` because the DNS
resolution is configured to use `dns_domain`.

[1]: 0ef7af76bc/roles/kubespray-defaults/defaults/main.yaml (L104)
[2]: 1afdb05ea9/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml (L196)
 2021-09-01 08:18:59 -07:00
Maciej Wereski 48ceca4919
MetalLB: update to v0.10.2 (#7925) 
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
 2021-09-01 03:00:59 -07:00
Cristian Calin 426ad81db0
Calico: replace hashes for latest 3.17 and 3.18 to the .5 minor versions (#7924) 2021-08-31 13:38:21 -07:00
Olivier Lemasle 497d2ca306
Fix Calico's FelixConfiguration when "IP in IP" is disabled (#7926) 
When using Calico with:

- `calico_network_backend: vxlan`,
- `calico_ipip_mode: "Never"`,
- `calico_vxlan_mode: "Always"`,

the `FelixConfiguration` object has `ipipEnabled: true`, when it should be false:

This is caused by an error in the `| bool` conversion in the install task:
when `calico_ipip_mode` is `Never`,
`{{ calico_ipip_mode != 'Never' | bool }}` evaluates to `true`:
 2021-08-31 13:14:21 -07:00
Calvin Park 9d3888a756
During pre-upgrade add a flag to always cordon (#7892) 
* During pre-upgrade add a flag to always cordon

* empty

* empty

* empty

* Better default val
 2021-08-30 10:56:09 -07:00
rtsp c8e090c17f
Add preliminary Debian 11 (bullseye) support (#7853) 
- Use python3-apt instead because python-apt was removed in Debian 11
- Add gnupg (fix "container-engine/containerd : ensure containerd repository public key is installed" task failed)
- Remove aufs-tools

Signed-off-by: rtsp <git@rtsp.us>
 2021-08-30 09:53:06 -07:00
Florian Ruynat 1ccf32e08f
Update docker to 20.10.8 (#7918) 2021-08-30 08:25:06 -07:00
Florian Ruynat 17af348be8 Add bunch of Kubernetes versions missing 2021-08-30 08:17:05 -07:00
Cristian Calin 1afdb05ea9
Fedora and RHEL use etc_t and the convention is <type_name>_t (#7891) 
* Fedora and RHEL use etc_t and the convention is <type_name>_t

* Docs: specify all values for preinstall_selinux_state

* CI: Add Fedora 34 with SELinux in enforcing mode
 2021-08-27 14:20:53 -07:00
Sergey 89993e4833
fix error metrics server capabilities name (#7905) 2021-08-25 12:06:15 -07:00
Cristian Calin 1c3d33e146
Calico: 3.20.0 policy update to allow access to endpointslices (#7899) 2021-08-25 12:06:01 -07:00
Cristian Calin f66c49bf42
Calico: replace version 3.19.1 with 3.19.2 and set as default (#7867) 
Bump calico version to 3.19.2 due to adding 3.20.0 earlier
 2021-08-25 07:32:41 -07:00
rtsp 4c9d7dedb3
addons/cert_manager: retries until webhook pods has been created (#7850) 
Fix task 'Cert Manager | Wait for Webhook pods become ready' failed due to webhook pods don't exist yet by using `retries..until` trick like kubernetes-sigs/kubespray#7842

This fix should be removed in the future if the kubernetes/kubernetes#83242 is resolved.

Signed-off-by: rtsp <git@rtsp.us>
 2021-08-25 07:16:41 -07:00
Sergey 5336943a8c
add cilium_operator_api_serve_addr to cilium operator config (#7901) 2021-08-24 03:49:13 -07:00
Samuel a040e521b4
feat(containerd): auth support (#7868) 
* feat(containerd): auth support

* fix(registry-auth): rename variable
 2021-08-23 06:40:00 -07:00
Cristian Calin 0ac364dfae
Calico: use --allow-version-mismatch in calicoctl.sh to allow upgrades (#7873) 2021-08-20 14:30:48 -07:00
rtsp 79166496f3
debian: Fix test failed after bullseye release (#7888) 2021-08-19 15:37:24 -07:00
Frank Ritchie 1f09229740
Update cilium to 1.9.9 (#7871) 
Now that 1.10 is out this is to make 1.9.9 the default. I am running
this version successfully.
 2021-08-16 13:34:22 -07:00
Léopold Jacquot c06896a352
Update metrics-server to 0.5.0 (#7864) 2021-08-12 08:19:48 -07:00
Cristian Calin c119620f7c
Calico: add v3.20.0 hashes (#7855) 2021-08-11 07:50:46 -07:00
Daniil Muidinov 7f309bb092
fix parameters for module replace in 0060-resolvconf (#7858) 2021-08-10 17:13:26 -07:00
Eugene Artemenko e2b67b5700
Add suport of Vsphere CSI driver 2.2.X versions (#7848) 2021-08-09 08:19:38 -07:00
rtsp 82a9064d8d
addons/cert_manager: fix kubernetes-sigs#7085 by adding retries..until (#7842) 
Fix task 'Cert Manager | Apply ClusterIssuer manifest' failed due to service/endpoints updating delayed even though the wekhook pod status is ready.

Signed-off-by: rtsp <git@rtsp.us>
 2021-08-09 08:19:31 -07:00
Victor Morales a70fab2249
Bump crun to 0.21 version (#7854) 2021-08-09 08:11:31 -07:00
Smita Srivastava 31a5a4e808
retry to fetch binary if it fails first time (#7839) 2021-07-30 00:17:38 -07:00
Vitaliy D 5db86f4c2b
Update vSphere CPI (#7838) 
Changes:
  * ClusterRole updated according to the latest manifests from
    https://github.com/kubernetes/cloud-provider-vsphere
  * vSphere CPI/CSI default versions bumped and
    tested successfully on K8S 1.21.1
  * vSphere documentation updated

Signed-off-by: Vitaliy D <vi7alya@gmail.com>
 2021-07-29 18:17:37 -07:00
AnatomicJC 627a06e30d
CRI-O: Install libseccomp2 from backports on Debian 10 (#7816) 
* CRI-O: Install libseccomp2 from backports on Debian 10

libseccomp2 is a required dependency of cri-o-runc package

The one provided in Debian 10 repositories is outdated

* 7816: Remove useless when condition

As this condition is handled by block
 2021-07-23 07:07:16 -07:00
Kenichi Omichi 56e230863a
Separate gvisor_download_url for runsc and shim (#7760) 
To download necessary files in advance for offline deployment,
we can see all file URLs with contrib/offline/generate_list.sh
Most URLs are downloadable, but gvisor's one is not because the
URL is a part of full URLs for gvisor.
To download gvisor's files from the URLs directory, this separates
into two URLs for runsc and the shim.
 2021-07-22 07:51:51 -07:00
cola-zero f21a707e99
Add containerd on Flatcar Container Linux (#7681) 2021-07-21 06:28:07 -07:00
Florian Ruynat 0ef7af76bc Fixup label for oracle linux bootstrap 2021-07-20 01:29:31 -07:00
Florian Ruynat 18666b3e2d Update multus to 3.7.2 (and move to ghcr.io) 2021-07-20 01:29:31 -07:00
Florian Ruynat ed87386d7b Set default k8s version to 1.21.3 2021-07-20 01:29:31 -07:00
Florian Ruynat 1ad9b33b08 Add hashes for k8s 1.20.8/.9 and 1.19.12/.13 and 1.21.3 2021-07-20 01:29:31 -07:00
Florian Ruynat 000b4565c2 Fix erroneous ansible args 2021-07-20 01:29:31 -07:00
Florian Ruynat eda75fc706 Update kube-router to 1.3.0 2021-07-20 01:29:31 -07:00
Florian Ruynat 6583add63a Update flannel to 0.14.0 (moved from coreos repo to flannel-io) 2021-07-20 01:29:31 -07:00
Florian Ruynat 441ad841cc Use dashboard 2.3.1 image 2021-07-20 01:29:31 -07:00
Florian Ruynat 6511c5dd7a Set Helm default version to 3.6.3 2021-07-20 01:29:31 -07:00
Florian Ruynat d5cbb19b39 Update kube-ovn to 1.7.1 2021-07-20 01:29:31 -07:00
Atsushi Nukariya 417180246c
Fix: typos in docs and comments (#7805) 2021-07-16 18:58:50 -07:00
Fredrik Liv 802fb8b591
Add application credentials support for cinder (#7799) 
* csi-driver: Added possibility to use application credentials for cinder

* external-cloud-controller: Added env vars for openstack application credentials
 2021-07-15 00:56:48 -07:00
spaced c2cf0d9945
add containerd on fedora CoreOS (#7794) 
* set selinux type t_etc if selinux state is enforcing

* workaround with update repo is no longer needed
remove comments about failing playbook

* grubby is not available in distros using ostree

* remove docker support because removed in fcos
update install script example with live rootfs

* do not call grubby on ostree based distro

* update docs enabling containerd on fedora coreos
 2021-07-15 00:00:48 -07:00
jayonlau e61a9077f4
Clean up extra spaces about configuration-qemu.toml.j2 (#7795) 
Clean up extra spaces, although these errors are not important, they affect the code specification.
 2021-07-13 06:38:34 -07:00
spaced bf54dc082b
set selinux type t_etc if selinux state is enforcing (#7791) 2021-07-13 06:34:29 -07:00
cleveritcz 3ff7bc1f64
Added k8s 1.21.2 (#7789) 2021-07-13 06:26:29 -07:00
Cristian Calin 7516fe142f
Move to Ansible 3.4.0 (#7672) 
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
 2021-07-12 00:00:47 -07:00
Sébastien Huss b0e4c375a7
Allow cri-o offline install (#7777) 2021-07-09 20:52:45 -07:00
Florian Ruynat d1388d69d0
Fix tests following python change (#7775) 
* Fix ansible detection for python3 and ubuntu

* Fix oracle missing centos-extras repo for containerd/docker dependencies
 2021-07-08 18:52:53 -07:00
Shinerrs d0fb537448
Ubuntu changed package name python-apt to python3-apt (#7769) 
* replaced deprecated python package with python3 package

* removed the version due to duplication
 2021-07-02 06:56:13 -07:00
jayonlau 59cf1770bc
Clean up residual files about /usr/libexec (#7756) 
When reset, need to clean up directory /usr/libexec.
 2021-07-01 02:13:54 -07:00
Vadim 0aaba5ea30
added destination filename to cp command (#7764) 2021-06-30 08:13:03 -07:00
Cristian Calin bd6d810d0a
nodelocaldns: allow binding metrics address to host IP (#7748) 2021-06-29 05:28:41 -07:00
jayonlau e3850fbbbc
Extra spaces of macvlan (#7752) 
Although these errors are not important, they affect the code specification.
 2021-06-28 02:13:25 -07:00
Cristian Calin a3e34f589a
Enable Graceful Node Shutdown for Kubernetes >= 1.21.0 (#7746) 
* Enable Graceful Node Shutdown for Kubernetes >= 1.21.0

* Add sample graceful shutdown parameters
 2021-06-27 23:53:25 -07:00
Cristian Calin a2cf6816ce
Calico wireguard (#7638) 
* Calico: add Wireguard support

* CI: Add Calico Wireguard scenario
 2021-06-25 03:22:45 -07:00
jayonlau bbcafb5d7b
Clean up residual files about modules-load.d (#7737) 
When reset, need to clean up files kube_proxy-ipvs.conf and kubespray-br_netfilter.conf.
 2021-06-25 00:32:45 -07:00
Id2ndR a31baf3c16
Fix deployment without openstack cacert (#7723) 
* fix group name

* fix external-openstack-cloud-config secret

* don't add ca.cert in the secret if not defined
 2021-06-21 05:38:50 -07:00
jayonlau e83728897b
Clean up residual files (#7722) 
* Clean up residual files

When reset, you need to clean up to the kerw directory.

* Update main.yml
 2021-06-21 05:34:50 -07:00
Cristian Calin 282a27a07c
gVisor: initial support for gVisor container runtime (#7661) 
* Docker/Containerd: move downloads urls to containerd-common

* gVisor: initial support for gVisor container runtime
 2021-06-21 05:18:51 -07:00
Sergey 3fe6dbb65c
fix image pull url for coredns v1.8.0 (#7702) 2021-06-16 17:00:19 -07:00
flix444 7547e6a272
Ubuntu 21.04 changed packagename python-apt in python3-apt (#7715) 2021-06-16 13:58:00 -07:00
Cristian Calin 1928dafc7e
Revert to conmon location override for Redhat and Fedora (#7701) 2021-06-16 09:07:59 -07:00
Florian Ruynat e77b9bf3ee
Update kube-ovn to 1.7.0 (#7686) 2021-06-16 08:10:00 -07:00
Samuel Liu 7f7e83a4d9
fix local-path-provisioner helper image repo (#7703) 2021-06-16 08:06:00 -07:00
Marko Kohtala 85fe716d46
Drop "Server" from crio repo URL (#7698) (#7699) 
$releasever can be 7Server, but there is no such CentOS path on
download.opensuse.org.

Use ansible_distribution_major_version instead of $releasever.
 2021-06-11 05:10:59 -07:00
Kenichi Omichi 85ff3eb8be
Update the version of local_volume_provisioner (#7684) 
As [1], v2.4.0 has been released already for local_volume_provisioner.
This updates the version.

[1]: https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/tags
 2021-06-11 04:36:59 -07:00
Florian Ruynat e55c359cf9
Updage docker packages to 20.10.7 (#7685) 2021-06-11 04:32:59 -07:00
Kasakaze d66da21726
make sure serviceaccounts/token is only in the metadata stage (#7679) 2021-06-07 08:38:40 -07:00
forselli-stratio 1069b05e68
Improve scale flow and documentation (#7610) 
* Improve scale flow

* Add confirmation prompt again
 2021-06-07 05:02:40 -07:00
Cristian Calin ec0c0d4a28
Calico enable support for eBPF (#7618) 
* Calico: align manifests with upstream

* allow enabling typha prometheus metrics

* Calico: enable eBPF support

* manage the kubernetes-services-endpoint configmap

* Calico: document the use of eBPF dataplane

* Calico: improve checks before deployment

* enforce disabling kube-proxy when using eBPF dataplane
* ensure calico_version is supported
 2021-06-07 04:58:39 -07:00
jiriproX 1739b27231
Replace yum module with package module (#7621) 2021-06-05 04:16:39 -07:00
Sergey d9d29af87f
update containerd to version 1.4.6 (#7674) 2021-06-03 10:55:38 -07:00